Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

DRILL-6610: Add support for Minimum TLS restriction. #1388

Closed
wants to merge 1 commit into from
Closed

DRILL-6610: Add support for Minimum TLS restriction. #1388

wants to merge 1 commit into from

Conversation

superbstreak
Copy link
Contributor

No description provided.

sohami
sohami reviewed Aug 22, 2018
View reviewed changes
contrib/native/client/src/clientlib/channel.hpp Outdated
} else {
return boost::asio::ssl::context::tlsv12;
}
}

/// @brief Applies Minimum TLS protocol restrictions.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

please add a comment saying version tlsv11+ means tls version 1.1 or higher

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done.

contrib/native/client/src/clientlib/channel.hpp
return SSL_OP_NO_TLSv1;
} else if (in_ver == "tlsv12+") {
return (SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1);
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like SSL_OP_NO_TLSv1 and others are getting deprecate with 1.1.0 openssl. Please see here.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've added a note of that in the comments

contrib/native/client/src/clientlib/channel.hpp Outdated
return (SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1);
}
#endif
return 0;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think by default we can always return SSL_OP_NO_SSLv3 even though we are setting options to context for no_sslv2 | no_sslv3;

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks.

@vdiravka
Copy link
Member

@superbstreak Could you please respond to review comments? In that case there these changes can be included to the Apache Drill 1.15 release version.

sohami
sohami approved these changes Nov 5, 2018
View reviewed changes
Copy link
Contributor

@sohami sohami left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the changes. + 1

@ilooner ilooner closed this in 33810df Nov 10, 2018
mattpollack pushed a commit to mattpollack/drill that referenced this pull request Feb 25, 2019
@superbstreak @mattpollack
DRILL-6610: Add support for Minimum TLS restriction.
9e5ade7 
closes apache#1388
lushuifeng pushed a commit to lushuifeng/drill that referenced this pull request Jun 21, 2019
@superbstreak @lushuifeng
DRILL-6610: Add support for Minimum TLS restriction.
b2bb30b 
closes apache#1388
xiangt920 pushed a commit to xiangt920/drill that referenced this pull request Dec 26, 2019
@superbstreak @xiangt920
DRILL-6610: Add support for Minimum TLS restriction.
825afd6 
closes apache#1388
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sohami sohami sohami approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@superbstreak @vdiravka @sohami